HNAP, or the Home Network Administration Protocol, is a network device management protocol dating back to 2007. Cisco, took over the protocol from Pure Networks in 2008. It allows network devices (routers, NAS devices, network cameras, etc.) to be silently managed and administered. This lets someone or something malicious make changes such as adding port forwarding to a router. No thanks, it is an accident waiting to happen.

HNAP also has had a long history of buggy implementations. And, it has been abused, more than once, by bad guys to learn the technical details of a router, making it easier for them to find an appropriate vulnerability to attack. Worse still, the fact that a router supports HNAP may not be visible in the administrative interface and you may not be able to disable HNAP in a router.

Years ago, I owned a Linksys WRT54GL router that supported HNAP. After an HNAP flaw made the news, and I realized I could not disable HNAP, I bought a new router.

The good news is that HNAP seems to be dying out. There used to be an hnap.org website, but no more. It was part of a software product called Network Magic that Cisco discontinued in 2012. In November 2016, D-Link said they have stopped using it.

There is a section on testing if a router supports HNAP on the Test Your Router page.
If HNAP is enabled, try to disable it in the router administrative interface. If you can't disable it (there may be no option for this), then try updating the firmware. Maybe, the router vendor removed HNAP in later firmware. If all this fails, then a decision is needed. The secure option is to get a new router.

September 12, 2017: Enlarge your botnet with: top D-Link routers by security firm Embedi. They found three flaws in the D-Link DIR890L, DIR885L, DIR895L and, most likely, other DIR8xx routers. One of them was that a malicious request sent to http:// 192.168.0.1/HNAP1/ can cause a stack overflow that allows for the execution of shell commands with root privileges.

D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability by US-CERT March 8, 2017. As bad as it gets: an unauthenticated attacker can run arbitrary code as root. Vulnerable on LAN side for sure and remotely if remote admin is enabled. Other D-Link models may also be affected. The vulnerability is in the HNAP service. A bad guy can send a specially crafted POST request to http://routerIPaddress/HNAP1/ that causes a buffer overflow.